#22519: Firewall: LAN to LAN REDIRECT is invalid
-------------------------+--------------------------------
 Reporter:  puchuu       |      Owner:  developers
     Type:  defect       |     Status:  new
 Priority:  normal       |  Milestone:
Component:  base system  |    Version:  Chaos Calmer 15.05
 Keywords:               |
-------------------------+--------------------------------
 I have an ssh server working on port 6322, and I want to make it available
 from lan using a REDIRECT iptables rule.

 {{{

 config redirect
         option target    'REDIRECT'
         option src       'lan'
         option dest      'lan'
         option proto     'tcp'
         option src_dport '22'
         option dest_port '6322'
         option name      'router ssh for lan'
 }}}

 This doesn't work: no rules were generated.

 {{{
 config redirect
         option target    'DNAT'
         option src       'lan'
         option dest      'lan'
         option proto     'tcp'
         option src_dport '22'
         option dest_port '6322'
         option name      'router ssh for lan'
 }}}

 This works but the rule is invalid:

 {{{
 REDIRECT  tcp  --  anywhere  anywhere  tcp dpt:ssh /* router ssh for lan */ redir ports 6322
 }}}

 These 2 "anywhere" words made me create an invalid ticket
 [https://dev.openwrt.org/ticket/22518]. All traffic to port 22 was
 redirected to 6322.

 So I have to use a custom iptables rule:

 {{{
 config include
         option path   '/etc/firewall.user'
         option reload '1'
 }}}

 {{{
 iptables -t nat -A zone_lan_prerouting --src OpenWrt.lan/24 \
         --dst OpenWrt.lan -p tcp --dport 22 -j REDIRECT --to-ports 6322
 }}}

 Please fix the REDIRECT generator.

--
Ticket URL: <https://dev.openwrt.org/ticket/22519>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
openwrt-tickets@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
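
An added example, not part of the ticket or of OpenWrt's code: a shell check that reads rule specs as printed by `iptables -t nat -S` and reports REDIRECT rules with no source or destination match, the condition the ticket shows as "anywhere anywhere". The sample rules, their 192.168.1.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit NAT rule specs (format of `iptables -t nat -S`) read from stdin and
# report every REDIRECT rule that lacks a -s and/or -d match.
audit_redirects() {
    awk '
    {
        line = $0
        # Drop quoted comment text so words inside it are not read as options.
        gsub(/"[^"]*"/, "\"\"")
        target = ""; src = ""; dst = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
        }
        if (target != "REDIRECT") next
        missing = ""
        if (src == "") missing = "source"
        if (dst == "") missing = (missing == "" ? "" : missing ",") "destination"
        if (missing != "") print "UNSCOPED(" missing "): " line
    }'
}

# Constructed sample: the rule from the ticket as -S would print it, a rule
# scoped like the firewall.user workaround, and a rule whose comment contains
# "-s" but which has no real source match.
sample_rules() {
    cat <<'EOF'
-A zone_lan_prerouting -p tcp -m tcp --dport 22 -m comment --comment "router ssh for lan" -j REDIRECT --to-ports 6322
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 6322
-A zone_lan_prerouting -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "was -s lan" -j REDIRECT --to-ports 8080
EOF
}

# On a router: iptables -t nat -S | audit_redirects
sample_rules | audit_redirects
```
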
